Blockchain Ethereum

Ethereum account

To defend against replay attacks, Ethereum adds a nonce to each transaction sent from an account, recording how many transactions the account has sent so far, and the nonce is signed together with the transaction. If someone replays the transaction later, verification finds that the transaction with that nonce has already been executed once, so it is not executed again. Full nodes therefore also have to store the nonce value of each account.
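The nonce check described above, as an added example that is not part of the original notes: a toy full node in Python that keeps a nonce per account. HMAC-SHA256 stands in for Ethereum's real signature scheme, and the account names, keys and amounts are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Account:
    key: bytes        # stand-in signing key (a real node only knows the public key)
    balance: int
    nonce: int = 0    # how many transactions this account has executed

def sign(key: bytes, sender: str, to: str, value: int, nonce: int) -> str:
    # The nonce is part of the signed message, so it cannot be changed afterwards.
    msg = f"{sender}|{to}|{value}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_tx(acct: Account, sender: str, to: str, value: int, nonce: int) -> dict:
    return {"from": sender, "to": to, "value": value, "nonce": nonce,
            "sig": sign(acct.key, sender, to, value, nonce)}

def apply_tx(state: dict, tx: dict) -> str:
    """Full-node check: signature first, then the per-account nonce."""
    sender = state[tx["from"]]
    expected = sign(sender.key, tx["from"], tx["to"], tx["value"], tx["nonce"])
    if not hmac.compare_digest(expected, tx["sig"]):
        return "rejected: bad signature"
    if tx["nonce"] != sender.nonce:
        return "rejected: nonce already used or out of order"
    if sender.balance < tx["value"]:
        return "rejected: insufficient balance"
    sender.balance -= tx["value"]
    state[tx["to"]].balance += tx["value"]
    sender.nonce += 1
    return "executed"

def demo() -> list:
    # Constructed sample state: A pays B 10.
    state = {"A": Account(b"key-A", 100), "B": Account(b"key-B", 0)}
    tx = make_tx(state["A"], "A", "B", 10, nonce=0)
    results = [apply_tx(state, tx)]          # first submission
    results.append(apply_tx(state, tx))      # the same signed transaction replayed
    forged = dict(tx, nonce=1)               # nonce bumped without a new signature
    results.append(apply_tx(state, forged))
    results.append(state["A"].balance)
    return results

if __name__ == "__main__":
    print(demo())
```

The replay fails the nonce check, and changing the nonce to get past that check invalidates the signature, which is why the nonce has to be signed rather than just attached.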

The concept of accounts facilitates the execution of contracts.

  1. External account (ordinary account)
  • Similar to the account in Bitcoin, the account is controlled through public and private keys.
  • Account status: account balance, nonce (counter)
  2. Contract account
  • Not controlled by a public/private key pair, so it cannot initiate transactions. All transactions can only be initiated by external accounts.
  • Can call other contracts. When a contract account is created, an address is returned, and the contract is called through that address.
  • The status of the contract account also includes code and storage.

ETH state tree

Choice of data structure:

  • Choose to use hash table?

    How would a merkle proof be provided? One option is to build a merkle tree from the contents of the hash table and put the root hash in the block header. But then every time a new block is published, all account states would have to be rebuilt into a new merkle tree, even though only a small number of accounts change state in each block. Building a merkle tree over all accounts each time is therefore too expensive, and it is difficult to keep all nodes in the blockchain consistent.

  • Use merkle tree directly?

    One problem is that it is difficult to look up and update data.

    The other question is whether to sort the accounts. If they are not sorted:

    • Lookups are slower.
    • It is difficult to ensure that every node in the blockchain builds a merkle tree with the same structure, so different nodes would compute different hash values for the merkle tree.

    If sorting:

    • Inserting data is expensive: inserting a single item may require recalculating the hash values for most of the tree.

Selected data structures in Ethereum:

Compressed prefix tree

trie:

Compressed trie:

The pointers here are hash pointers.

Why historical states must be preserved: forks are very common in the Ethereum network. Unlike Bitcoin, which stores only simple transactions in the blockchain, smart contracts in Ethereum can implement more complex functions, so it is difficult to roll back state by analyzing the code.

  • Values in the state are serialized before being stored, using RLP (Recursive Length Prefix).

ETH transaction tree and receipt tree

  • Transaction tree: Contains transaction information
  • Receipt tree: Each transaction has a corresponding receipt, which records information about the transaction and helps when searching for related transactions.

Both trees use the MPT structure

bloom filter structure:

For each element in the set, compute a hash of the element, map it to a position in a compact digest, and set the bit at that position to one. This structure can prove that an element is not in the set, but it cannot prove that an element is in the set, because hash collisions occur. Some implementations use several hash functions to compute several positions per element to reduce the chance of collisions.

The bloom filter in the block header is the union of the bloom filters below.
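A bloom filter search over one block, as an added example that is not from the original notes. It uses the 2048-bit width and 3 bits per element of Ethereum's log bloom, with SHA-256 standing in for Keccak-256; the block layout, the log strings and the 16-bit saturated filter are constructed for illustration.

```python
import hashlib

BLOOM_BITS = 2048    # width of Ethereum's log bloom
BITS_PER_ITEM = 3    # bits set per element

def bit_positions(item: bytes, bits: int = BLOOM_BITS) -> list:
    digest = hashlib.sha256(item).digest()   # stand-in for Keccak-256
    return [int.from_bytes(digest[2 * i:2 * i + 2], "big") % bits
            for i in range(BITS_PER_ITEM)]

def bloom_of(items, bits: int = BLOOM_BITS) -> int:
    bloom = 0
    for item in items:
        for pos in bit_positions(item, bits):
            bloom |= 1 << pos
    return bloom

def might_contain(bloom: int, item: bytes, bits: int = BLOOM_BITS) -> bool:
    # False is a proof of absence; True only means "possibly present".
    return all((bloom >> pos) & 1 for pos in bit_positions(item, bits))

def make_block(logs_per_receipt: list) -> dict:
    receipts = [{"logs": logs, "bloom": bloom_of(logs)} for logs in logs_per_receipt]
    header = 0
    for r in receipts:
        header |= r["bloom"]      # header bloom = union (bitwise OR) of receipt blooms
    return {"header_bloom": header, "receipts": receipts}

def find_receipts(block: dict, item: bytes) -> list:
    if not might_contain(block["header_bloom"], item):
        return []                 # definite miss: the whole block can be skipped
    # A bloom hit is only a hint, so confirm against the actual logs.
    return [i for i, r in enumerate(block["receipts"])
            if might_contain(r["bloom"], item) and item in r["logs"]]

def saturated_filter(bits: int = 16) -> int:
    # Add constructed items to a tiny filter until every bit is set.
    bloom, n = 0, 0
    while bloom != (1 << bits) - 1:
        bloom |= bloom_of([b"item-%d" % n], bits)
        n += 1
    return bloom

# Constructed sample block: two receipts with made-up log entries.
BLOCK = make_block([[b"Transfer:A->B"], [b"Bid:C", b"Transfer:C->D"]])

if __name__ == "__main__":
    print(find_receipts(BLOCK, b"Bid:C"), find_receipts(BLOCK, b"Withdraw:Z"))
```

The saturated filter answers "possibly present" for every query, including items that were never added, which is why a hit always has to be confirmed against the receipt itself.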

Why doesn't the state tree store only the account states related to the current transactions?

  • Suppose there is a transaction A → B and only the affected account states are stored. To find the state of account B, you would have to keep searching backwards through earlier blocks, and if B is a new account you would have to search all the way back to the genesis block before getting the result.

GHOST protocol

If you continue to use the consensus protocol in Bitcoin:

With a shorter block generation time, temporary forks become much more frequent. When a large mining pool mines a block, the chain containing that block is more likely to become the longest legal chain, which means the other blocks were mined in vain. In Bitcoin, although individual users have no computing-power advantage over mining pools, they can still mine a block before a pool does, and in most cases that block ends up on the longest legal chain (the block generation time is relatively long, so forks do not arise as easily).

GHOST protocol:

Core concept: uncle block

A block that was mined but did not end up on the longest legal chain is treated as an uncle block of a block that is added to the longest legal chain later. If a later block on the longest legal chain includes an uncle block, the included uncle block gets 7/8 of the block reward but no gas fees. The new block that includes the uncle block gets 1/32 of the block reward for doing so. A block can include at most two uncle blocks.

An uncle block can be separated from the block that includes it by at most 7 generations. As the number of generations increases, the reward the uncle block receives gradually decreases, while the reward for the block that includes it is still 1/32. The block reward in Ethereum does not keep decreasing.

The meaning of this design:

  • If the maximum number of generations between uncle blocks is not specified, then the full node will need to save many uncle blocks.
  • Encourage uncle blocks to be merged into the longest legal chain as early as possible.

For included uncle blocks:

  1. The transactions in the uncle block are not executed unless the longest legal chain itself contains them.
  2. Checking the validity of an uncle block does not mean checking the validity of its transactions, only whether the uncle block meets the difficulty requirement.

The uncle block can only be the first block after the fork, and subsequent blocks cannot be counted as uncle blocks.

If subsequent blocks also counted as uncle blocks, the cost of a failed fork attack would be too small.

An attacker mounting a fork attack could roll back the transaction on success, and on failure would still collect the uncle block rewards.

Recognizing only the first block as the uncle block can increase the cost of failed fork attacks, thus prompting the fork blocks to be merged as soon as possible.

ETH mining algorithm

Ethereum uses a memory-hard mining puzzle, which is meant to make mining unfriendly to ASIC chips.

Litecoin's mining algorithm, scrypt:

Generate a large array: compute a hash from a seed and store it in the first position, then compute each subsequent element as the hash of the previous element. To solve the puzzle, first pick a position, then use the hash value read from that position to decide the next position to read. After looping a fixed number of times, check the result, and keep trying nonce values until one meets the difficulty requirement.

The fewer people use a cryptocurrency, the less secure it becomes, because 51% of the computing power is then relatively easy to obtain.

Mining algorithm in Ethereum (ethash):

Ethereum first uses a method similar to Litecoin's to compute a 16M cache, and then computes a larger DAG from the cache (the sizes of the cache and the DAG grow periodically). To fill the DAG: starting from a certain position in the array, compute a hash, derive from this hash the next position to read, and update the hash with the value stored at that position. After 256 rounds of such updates, the final hash is written to the first position in the DAG. To solve the puzzle: compute a hash from the block header and the initial nonce value, map the hash to a position in the DAG, read the values at that position and the adjacent position, and compute a new hash to get the next position. Repeat this 64 times to obtain the final hash value and compare it with the difficulty threshold. If it does not meet the difficulty requirement, change the nonce value and compute again.

Every 30,000 blocks, the seed value will change, the cache size will increase by 1/128 of the initial size, and the cache will be regenerated based on the new seed.

When a light node verifies a block, it computes a hash from the block header and the nonce in the received block. Because a light node does not store the DAG, the DAG values at the required positions must be generated on the fly. (This costs somewhat more computation, but a light node only has to check a single nonce value. A miner has to try so many nonce values that working without a stored DAG would be far too inefficient.)
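The cache, DAG, mining loop and light-node verification described above, as an added toy model that is not the real ethash code and not from the original notes. SHA-256 is a stand-in hash, the array sizes and target are constructed and far smaller than the real ones, and only the 256-round and 64-round loop counts are taken from the text.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()   # stand-in hash function

def index(h: bytes, n: int) -> int:
    return int.from_bytes(h[:4], "big") % n

def make_cache(seed: bytes, size: int) -> list:
    # scrypt-style fill: each element is the hash of the previous one.
    cache = [H(seed)]
    while len(cache) < size:
        cache.append(H(cache[-1]))
    return cache

def dag_item(cache: list, i: int, rounds: int = 256) -> bytes:
    # One DAG element: 256 pseudo-random reads of the cache.
    mix = H(cache[i % len(cache)], i.to_bytes(4, "big"))
    for _ in range(rounds):
        mix = H(mix, cache[index(mix, len(cache))])
    return mix

def pow_hash(header: bytes, nonce: int, dag_size: int, lookup) -> bytes:
    # 64 rounds: read the DAG position chosen by the current hash and its neighbour.
    mix = H(header, nonce.to_bytes(8, "big"))
    for _ in range(64):
        p = index(mix, dag_size)
        mix = H(mix, lookup(p), lookup((p + 1) % dag_size))
    return mix

def mine(header: bytes, dag: list, target: int) -> int:
    # Miner: whole DAG in memory, try nonces until the hash is below the target.
    nonce = 0
    while int.from_bytes(pow_hash(header, nonce, len(dag), dag.__getitem__), "big") >= target:
        nonce += 1
    return nonce

def light_verify(header: bytes, nonce: int, cache: list, dag_size: int, target: int) -> bool:
    # Light node: only the cache is stored; needed DAG items are rebuilt on demand.
    digest = pow_hash(header, nonce, dag_size, lambda p: dag_item(cache, p))
    return int.from_bytes(digest, "big") < target

# Constructed toy parameters.
CACHE = make_cache(b"epoch-seed", 64)
DAG_SIZE = 256
TARGET = 1 << 250                      # about 1 in 64 nonces succeeds
HEADER = b"constructed block header"

def full_dag() -> list:
    return [dag_item(CACHE, i) for i in range(DAG_SIZE)]

if __name__ == "__main__":
    nonce = mine(HEADER, full_dag(), TARGET)
    print(nonce, light_verify(HEADER, nonce, CACHE, DAG_SIZE, TARGET))
```

Each DAG lookup costs the light node 257 hashes instead of one memory read, which is acceptable for checking a single nonce and prohibitive for a miner trying many.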

PoS (proof of stake): no mining required

Is mining with ASIC chips safe? An ASIC is a chip specialized for mining. If a 51% attack were carried out with ASIC chips, the security of the cryptocurrency would be shown to be flawed and the price of Bitcoin would drop, which could leave the attacker with a loss: the mining machines bought for the attack cannot be used for anything else. If ordinary users' machines can also mine, the cost of launching an attack is lower, because those machines can be used for other things once mining is no longer needed.

Ethereum difficulty adjustment (for this part it is best to read the code)

https://www.bilibili.com/video/BV1Vt411X7JF?p=20&spm_id_from=pageDriver

Difficulty bomb: It was set up for the future switch to proof of stake. As the block number increases, the mining difficulty grows exponentially, so that once mining becomes very difficult, moving to PoS becomes attractive. But the difficulty bomb began to take effect before PoS was fully developed, so the block number used by the difficulty bomb was rolled back by 3,000,000 blocks.

Proof of Stake

One of the bigger disadvantages of proof of work is its power consumption.

Although smart contracts still need to be processed in Ethereum, the block generation time is short and the power consumption is lower than that of Bitcoin mining.

The mining mechanism distributes revenue in proportion to computing power, and computing power depends on the amount of money invested. So the idea of proof of stake is to determine income directly from how much money is invested in the blockchain, skipping the mining step.

In Bitcoin, accounting rights are obtained through computing power, while in Ethereum they are obtained through the amount of ether invested: accounting rights are allocated probabilistically according to coin age. No mining is needed, and publishing a block still earns the block reward. When Ethereum was first established, a portion of the ether was reserved for investment by others.

Advantages of Proof of Stake:

The resources that maintain the Ethereum blockchain form a closed loop.

In Bitcoin, the resources that maintain blockchain security come from outside the system: the resources used to compete for accounting rights can be obtained from the external environment (money other than cryptocurrency is converted into resources for competing in the cryptocurrency, for example using money from real estate to buy mining machines). Bitcoin's total market value is relatively small compared with the world economy, so someone who is willing could easily gather 51% of the computing power. In Ethereum, someone who wants to launch a 51% attack needs to own 51% of the ether in the system. That requires buying a large amount of ether, so the price of ether rises accordingly.

Some cryptocurrencies take a combination of both approaches:

Both mining and proof of stake are used, and the mining difficulty is reduced for those who hold more coins. However, if the design stops there, mining becomes easier and easier for people with more coins, who then obtain even more coins, which makes mining easier still. Therefore, some designs make the coins unusable for a period of time after a block is mined.

Challenges in Proof of Stake:

Hedging your bets:

That is, when the blockchain forks, a participant can bet on both branches at the same time. (Proof of stake requires paying something like a deposit to obtain a stake. To stop nodes from packaging illegal transactions, a node that does so gets no block reward and also loses its deposit.) Under proof of work, this kind of hedging splits the miner's computing power, but under proof of stake there is no such problem.

Casper: the proof of stake intended for use in the blockchain

In the hybrid stage of mining plus proof of stake, a node must put up a certain deposit to become a validator. A validator's responsibility is to help the system reach consensus: validators vote to decide which chain becomes the longest legal chain, and a decision passes with more than 2/3 of the votes.

Every 50 blocks form an epoch, and a vote is held after each epoch. A result is only confirmed after more than 2/3 of the nodes agree in two consecutive epochs. A validator is rewarded for voting but has to wait for a period of time to receive the reward. During this period it can be determined whether the validator performed its duties properly, and it can be dealt with accordingly.

smart contract

A smart contract is a piece of code that runs on the blockchain. The logic of the code defines the contract.

The hash table (mapping) in Solidity does not support traversal.

The payable keyword after the bid function indicates that the function can receive external transfers.

How external accounts call smart contracts

Calling a contract is similar to a transfer transaction. If the recipient of the transfer is a contract account, the contract is called. The specific function to call is described in the data field.

How does one contract call another contract?

  • Call directly

  • Use the call function of the address type

  • Use the delegatecall function (proxy call)

The difference between the first two methods: with a direct call, if the called function fails, the calling contract fails as well. With the call function, a failed call returns false instead.

fallback function (this function is called if the corresponding function is not found)

Creation and operation of smart contracts

gas fee

Ethereum deducts the maximum gas fee up front in one go. If the gas fee finally calculated is less than that maximum, the overcharged part is refunded. If the maximum is not enough, execution is rolled back and the gas fee already collected is not refunded. (I feel that an effective way to prevent malicious attacks in the blockchain is to make the failure of some attack methods pay a larger price.)

If any errors occur during the transaction, the entire transaction will be rolled back, as if the transaction had never occurred.
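The deduct-first, refund-later gas accounting described above, as an added toy executor that is not part of the original notes. The operation names, their gas costs, the account names and the rule that the fee is credited to a "miner" account are constructed assumptions, not Ethereum's real gas schedule.

```python
import copy

GAS_COST = {"store": 20, "add": 3}   # constructed costs, not the real gas table

def execute(state: dict, tx: dict) -> dict:
    sender, price, limit = tx["from"], tx["gas_price"], tx["gas_limit"]
    upfront = limit * price
    if state["balance"][sender] < upfront:
        return {"status": "rejected", "gas_used": 0}    # cannot cover the maximum fee
    state["balance"][sender] -= upfront                  # maximum fee deducted in one go
    snapshot = copy.deepcopy(state["storage"])           # kept for rollback
    gas_left = limit
    status = "success"
    for op, key, value in tx["ops"]:
        if GAS_COST[op] > gas_left:
            state["storage"] = snapshot                  # undo every effect of the tx
            gas_left = 0                                 # collected fee is not refunded
            status = "out of gas"
            break
        gas_left -= GAS_COST[op]
        if op == "store":
            state["storage"][key] = value
        elif op == "add":
            state["storage"][key] = state["storage"].get(key, 0) + value
    gas_used = limit - gas_left
    state["balance"][sender] += gas_left * price         # refund the unused part
    state["balance"][tx["miner"]] += gas_used * price    # fee credited to the block producer
    return {"status": status, "gas_used": gas_used}

def demo() -> dict:
    # Constructed sample state and transactions.
    state = {"balance": {"alice": 1000, "miner": 0}, "storage": {"x": 1}}
    base = {"from": "alice", "miner": "miner", "gas_price": 2}
    ok = execute(state, dict(base, gas_limit=100,
                             ops=[("store", "x", 5), ("add", "x", 2)]))
    alice_after_ok = state["balance"]["alice"]
    failed = execute(state, dict(base, gas_limit=30,
                                 ops=[("store", "x", 100), ("store", "y", 200)]))
    return {"ok": ok, "alice_after_ok": alice_after_ok, "failed": failed,
            "alice": state["balance"]["alice"], "miner": state["balance"]["miner"],
            "storage": state["storage"]}

if __name__ == "__main__":
    print(demo())
```

In the second transaction the first store has already written x = 100 when the gas runs out; the rollback restores x = 7, yet the sender still pays for the full 30 units.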

There is a limit on the maximum gas fee allowed for a published block, to prevent published blocks from consuming excessive resources. This is similar to the rule in Bitcoin that the block size cannot exceed 1M.

Error handling

revert() throws an exception unconditionally

Nested calls

Any operation a smart contract performs on an account is an operation on the locally stored state tree, and it only becomes part of the consensus after the block is published to the blockchain network.

Miners execute the transactions before mining, because without executing them there is no way to determine the state tree, no way to compute its root hash, and therefore no way to start trying nonce values.

What happens if some miners do not verify newly published blocks? Without verification, mining cannot continue, because verification means re-executing the contents of the published block. If a miner skips it, the state it mines on afterwards will be inconsistent with other nodes and will not be accepted. Another approach is to copy the three trees that others obtained after execution, which is similar to how a mining pool works. (The contents of the trees cannot be obtained directly from the published block; the block header contains only a hash.)

Transactions published to the blockchain were not necessarily executed successfully: failed transactions are published as well, because otherwise there would be no way to deduct their gas fee.

Receipt data structure

Relevant information that smart contracts can obtain

Three transfer methods:

  • transfer() causes a cascading rollback if it fails and forwards very little gas.
  • send() does not cause a cascading rollback and forwards very little gas.
  • call.value() will send the remaining gas fee to

If the smart contract is poorly designed, the money deposited may not be withdrawn.

Origin blog.csdn.net/weixin_46287316/article/details/129096609